![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / sys / net / npf
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.23 / (download) - annotate - [select for diffs], Fri Feb 24 11:03:01 2023 UTC (13 months, 3 weeks ago) by riastradh
Branch: MAIN
CVS Tags: thorpej-ifq-base,
thorpej-ifq,
thorpej-altq-separation-base,
thorpej-altq-separation,
HEAD
Changes since 1.22: +2 -5
lines
Diff to previous 1.22 (colored) to selected 1.1.2.1 (colored)
npf: Eliminate __HAVE_ATOMIC_AS_MEMBAR conditionals. Discussed on tech-kern: https://mail-index.netbsd.org/tech-kern/2023/02/23/msg028729.html Requested by rmind@: https://github.com/rmind/npf/pull/127#issuecomment-1399573125
Revision 1.22 / (download) - annotate - [select for diffs], Sat Apr 9 23:38:33 2022 UTC (2 years ago) by riastradh
Branch: MAIN
CVS Tags: netbsd-10-base,
netbsd-10-0-RELEASE,
netbsd-10-0-RC6,
netbsd-10-0-RC5,
netbsd-10-0-RC4,
netbsd-10-0-RC3,
netbsd-10-0-RC2,
netbsd-10-0-RC1,
netbsd-10,
bouyer-sunxi-drm-base,
bouyer-sunxi-drm
Changes since 1.21: +3 -3
lines
Diff to previous 1.21 (colored) to selected 1.1.2.1 (colored)
sys: Use membar_release/acquire around reference drop. This just goes through my recent reference count membar audit and changes membar_exit to membar_release and membar_enter to membar_acquire -- this should make everything cheaper on most CPUs without hurting correctness, because membar_acquire is generally cheaper than membar_enter.
Revision 1.21 / (download) - annotate - [select for diffs], Sat Mar 12 15:32:32 2022 UTC (2 years, 1 month ago) by riastradh
Branch: MAIN
Changes since 1.20: +7 -1
lines
Diff to previous 1.20 (colored) to selected 1.1.2.1 (colored)
sys: Membar audit around reference count releases. If two threads are using an object that is freed when the reference count goes to zero, we need to ensure that all memory operations related to the object happen before freeing the object. Using an atomic_dec_uint_nv(&refcnt) == 0 ensures that only one thread takes responsibility for freeing, but it's not enough to ensure that the other thread's memory operations happen before the freeing. Consider: Thread A Thread B obj->foo = 42; obj->baz = 73; mumble(&obj->bar); grumble(&obj->quux); /* membar_exit(); */ /* membar_exit(); */ atomic_dec -- not last atomic_dec -- last /* membar_enter(); */ KASSERT(invariant(obj->foo, obj->bar)); free_stuff(obj); The memory barriers ensure that obj->foo = 42; mumble(&obj->bar); in thread A happens before KASSERT(invariant(obj->foo, obj->bar)); free_stuff(obj); in thread B. Without them, this ordering is not guaranteed. So in general it is necessary to do membar_exit(); if (atomic_dec_uint_nv(&obj->refcnt) != 0) return; membar_enter(); to release a reference, for the `last one out hit the lights' style of reference counting. (This is in contrast to the style where one thread blocks new references and then waits under a lock for existing ones to drain with a condvar -- no membar needed thanks to mutex(9).) I searched for atomic_dec to find all these. Obviously we ought to have a better abstraction for this because there's so much copypasta. This is a stop-gap measure to fix actual bugs until we have that. It would be nice if an abstraction could gracefully handle the different styles of reference counting in use -- some years ago I drafted an API for this, but making it cover everything got a little out of hand (particularly with struct vnode::v_usecount) and I ended up setting it aside to work on psref/localcount instead for better scalability. I got bored of adding #ifdef __HAVE_ATOMIC_AS_MEMBAR everywhere, so I only put it on things that look performance-critical on 5sec review. We should really adopt membar_enter_preatomic/membar_exit_postatomic or something (except they are applicable only to atomic r/m/w, not to atomic_load/store_*, making the naming annoying) and get rid of all the ifdefs.
Revision 1.19.2.1 / (download) - annotate - [select for diffs], Sat Jun 20 15:46:48 2020 UTC (3 years, 9 months ago) by martin
Branch: netbsd-9
CVS Tags: netbsd-9-3-RELEASE,
netbsd-9-2-RELEASE,
netbsd-9-1-RELEASE
Changes since 1.19: +10 -9
lines
Diff to previous 1.19 (colored) next main 1.20 (colored) to selected 1.1.2.1 (colored)
Pull up following revision(s) (requested by rmind in ticket #956):
usr.sbin/npf/npf-params.7: revision 1.4
sys/net/npf/npf_worker.c: revision 1.9
usr.sbin/npf/npftest/npftest.h: revision 1.17
usr.sbin/npf/npfctl/npf_bpf_comp.c: revision 1.16
usr.sbin/npf/npf-params.7: revision 1.5
sys/net/npf/npf_state_tcp.c: revision 1.21
usr.sbin/npf/npfctl/npf_build.c: revision 1.55
usr.sbin/npf/npf-params.7: revision 1.6
sys/net/npf/npfkern.h: revision 1.5
lib/libnpf/npf.c: revision 1.49
usr.sbin/npf/npf-params.7: revision 1.7
sys/net/npf/npf_impl.h: revision 1.81
sys/net/npf/npf_ext_log.c: revision 1.17
usr.sbin/npf/npfctl/npfctl.h: revision 1.53
usr.sbin/npf/npftest/libnpftest/npf_mbuf_subr.c: revision 1.11
sys/net/npf/npf_nat.c: revision 1.50
sys/net/npf/npf_mbuf.c: revision 1.24
sys/net/npf/npf_alg.c: revision 1.22
usr.sbin/npf/npftest/libnpftest/npf_nat_test.c: revision 1.14
usr.sbin/npf/npftest/libnpftest/npf_conn_test.c: file removal
usr.sbin/npf/npftest/libnpftest/npf_state_test.c: revision 1.10
sys/net/npf/npf.h: revision 1.63
usr.sbin/npf/npftest/libnpftest/npf_test.h: revision 1.21
usr.sbin/npf/npfctl/npf_var.c: revision 1.13
sys/net/npf/files.npf: revision 1.23
usr.sbin/npf/npfctl/npf_show.c: revision 1.32
usr.sbin/npf/npfctl/npf.conf.5: revision 1.91
sys/net/npf/npf_os.c: revision 1.18
sys/net/npf/npf_connkey.c: revision 1.2
sys/net/npf/npf_conf.c: revision 1.17
lib/libnpf/libnpf.3: revision 1.12
usr.sbin/npf/npftest/npftest.c: revision 1.25
usr.sbin/npf/npftest/libnpftest/npf_gc_test.c: revision 1.1
usr.sbin/npf/npfctl/npf_parse.y: revision 1.51
sys/net/npf/npf_tableset.c: revision 1.35
usr.sbin/npf/npftest/npftest.conf: revision 1.9
sys/net/npf/npf_sendpkt.c: revision 1.22
usr.sbin/npf/npfctl/npf_var.h: revision 1.10
sys/net/npf/npf_state.c: revision 1.23
sys/net/npf/npf_conn.h: revision 1.20
usr.sbin/npf/npfctl/npfctl.c: revision 1.64
usr.sbin/npf/npfctl/npf_cmd.c: revision 1.1
sys/net/npf/npf_portmap.c: revision 1.5
sys/net/npf/npf_params.c: revision 1.3
usr.sbin/npf/npfctl/npf_scan.l: revision 1.32
tests/net/npf/t_npf.sh: revision 1.4
sys/net/npf/npf_ext_rndblock.c: revision 1.9
lib/libnpf/npf.h: revision 1.39
sys/net/npf/npf_ruleset.c: revision 1.51
sys/net/npf/npf_alg_icmp.c: revision 1.33
sys/net/npf/npf.c: revision 1.43
usr.sbin/npf/npftest/libnpftest/npf_test_subr.c: revision 1.17
usr.sbin/npf/npfctl/npfctl.8: revision 1.25
sys/net/npf/npf_ctl.c: revision 1.60
usr.sbin/npf/npftest/libnpftest/npf_test_subr.c: revision 1.18
usr.sbin/npf/npftest/libnpftest/Makefile: revision 1.11
sys/net/npf/npf_handler.c: revision 1.49
sys/net/npf/npf_inet.c: revision 1.57
sys/net/npf/npf_ifaddr.c: revision 1.7
sys/net/npf/npf_conndb.c: revision 1.9
sys/net/npf/npf_if.c: revision 1.13
usr.sbin/npf/npfctl/Makefile: revision 1.15
sys/net/npf/npf_conn.c: revision 1.32
sys/net/npf/npf_ext_normalize.c: revision 1.10
sys/net/npf/npf_rproc.c: revision 1.20
sys/net/npf/npf_worker.c: revision 1.8
Major NPF improvements (merge from upstream):
- Switch to the C11-style atomic primitives using atomic_loadstore(9).
- npfkern: introduce the 'state.key.interface' and 'state.key.direction'
settings. Users can now choose whether the connection state should be
strictly per-interface or global at the configuration level. Keep NAT
logic to be always per-interface, though.
- npfkern: rewrite the G/C worker logic and make it self-tuning.
- npfkern and libnpf: multiple bug fixes; add param exporting; introduce
more parameters. Remove npf_nvlist_{copyin,copyout}() functions and
refactor npfctl_load_nvlist() with others; add npfctl_run_op() to have
a single entry point for operations. Introduce npf_flow_t and clean up
some code.
- npfctl: lots of fixes for the 'npfctl show' logic; make 'npfctl list'
more informative; misc usability improvements and more user-friendly
error messages.
- Amend and improve the manual pages.
npf_worker_sys{init,fini}: initialize/destroy the exit_cv condvar.
npftest -- npf_test_init(): add a workaround for NetBSD.
npf-params(7): fix the state.key defaults.
npf-params.7: s/filer/filter/
Adjust to "npfctl debug" command line changes, from rmind@.
Use more markup.
Revision 1.20 / (download) - annotate - [select for diffs], Sat May 30 14:16:56 2020 UTC (3 years, 10 months ago) by rmind
Branch: MAIN
CVS Tags: thorpej-i2c-spi-conf2-base,
thorpej-i2c-spi-conf2,
thorpej-i2c-spi-conf-base,
thorpej-i2c-spi-conf,
thorpej-futex2-base,
thorpej-futex2,
thorpej-futex-base,
thorpej-futex,
thorpej-cfargs2-base,
thorpej-cfargs2,
thorpej-cfargs-base,
thorpej-cfargs,
cjep_sun2x-base1,
cjep_sun2x-base,
cjep_sun2x,
cjep_staticlib_x-base1,
cjep_staticlib_x-base,
cjep_staticlib_x
Changes since 1.19: +9 -8
lines
Diff to previous 1.19 (colored) to selected 1.1.2.1 (colored)
Major NPF improvements (merge from upstream):
- Switch to the C11-style atomic primitives using atomic_loadstore(9).
- npfkern: introduce the 'state.key.interface' and 'state.key.direction'
settings. Users can now choose whether the connection state should be
strictly per-interface or global at the configuration level. Keep NAT
logic to be always per-interface, though.
- npfkern: rewrite the G/C worker logic and make it self-tuning.
- npfkern and libnpf: multiple bug fixes; add param exporting; introduce
more parameters. Remove npf_nvlist_{copyin,copyout}() functions and
refactor npfctl_load_nvlist() with others; add npfctl_run_op() to have
a single entry point for operations. Introduce npf_flow_t and clean up
some code.
- npfctl: lots of fixes for the 'npfctl show' logic; make 'npfctl list'
more informative; misc usability improvements and more user-friendly
error messages.
- Amend and improve the manual pages.
Revision 1.19 / (download) - annotate - [select for diffs], Tue Jul 23 00:52:01 2019 UTC (4 years, 8 months ago) by rmind
Branch: MAIN
CVS Tags: phil-wifi-20200421,
phil-wifi-20200411,
phil-wifi-20200406,
phil-wifi-20191119,
netbsd-9-base,
netbsd-9-0-RELEASE,
netbsd-9-0-RC2,
netbsd-9-0-RC1,
is-mlppp-base,
is-mlppp,
bouyer-xenpvh-base2,
bouyer-xenpvh-base1,
bouyer-xenpvh-base,
bouyer-xenpvh,
ad-namecache-base3,
ad-namecache-base2,
ad-namecache-base1,
ad-namecache-base,
ad-namecache
Branch point for: netbsd-9
Changes since 1.18: +0 -0
lines
Diff to previous 1.18 (colored) to selected 1.1.2.1 (colored)
NPF improvements: - Add support for dynamic NETMAP algorithm (stateful net-to-net). - Add most of the support for the dynamic NAT rules; a little bit more userland work is needed to finish this up and enable. - Replace 'stateful-ends' with more permissive 'stateful-all'. - Add various tunable parameters and document them, see npf-params(7). - Reduce the memory usage of the connection state table (conndb). - Portmap rewrite: use memory more efficiently, handle addresses dynamically. - Bug fix: add splsoftnet()/splx() around the thmap writers and comment. - npftest: clean up and simplify; fix some memleaks to make ASAN happy.
Revision 1.16.14.1 / (download) - annotate - [select for diffs], Mon Jun 10 22:09:46 2019 UTC (4 years, 10 months ago) by christos
Branch: phil-wifi
Changes since 1.16: +18 -16
lines
Diff to previous 1.16 (colored) next main 1.17 (colored) to selected 1.1.2.1 (colored)
Sync with HEAD
Revision 1.18 / (download) - annotate - [select for diffs], Thu Apr 11 14:38:06 2019 UTC (5 years ago) by kamil
Branch: MAIN
CVS Tags: phil-wifi-20190609,
isaki-audio2-base,
isaki-audio2
Changes since 1.17: +1 -1
lines
Diff to previous 1.17 (colored) to selected 1.1.2.1 (colored)
Fix CVS Id usage
Revision 1.16.12.1 / (download) - annotate - [select for diffs], Sun Sep 30 01:45:56 2018 UTC (5 years, 6 months ago) by pgoyette
Branch: pgoyette-compat
CVS Tags: pgoyette-compat-merge-20190127
Changes since 1.16: +17 -15
lines
Diff to previous 1.16 (colored) next main 1.17 (colored) to selected 1.1.2.1 (colored)
Ssync with HEAD
Revision 1.17 / (download) - annotate - [select for diffs], Sat Sep 29 14:41:36 2018 UTC (5 years, 6 months ago) by rmind
Branch: MAIN
CVS Tags: pgoyette-compat-20190127,
pgoyette-compat-20190118,
pgoyette-compat-1226,
pgoyette-compat-1126,
pgoyette-compat-1020,
pgoyette-compat-0930
Changes since 1.16: +17 -15
lines
Diff to previous 1.16 (colored) to selected 1.1.2.1 (colored)
NPF: Major rework -- migrate NPF to the libnv library. - This conversion significantly simplifies the code and moves NPF to a binary serialisation format (replacing the XML-like format). - Fix some memory/reference leaks and possibly use-after-free bugs. - Bump NPF_VERSION as this change makes libnpf incompatible with the previous versions. Also, different serialisation format means NPF connection/config saving and loading is not compatible with the previous versions either. Thanks to christos@ for extra testing.
Revision 1.2.4.5 / (download) - annotate - [select for diffs], Sun Dec 3 11:39:03 2017 UTC (6 years, 4 months ago) by jdolecek
Branch: tls-maxphys
Changes since 1.2.4.4: +43 -31
lines
Diff to previous 1.2.4.4 (colored) to branchpoint 1.2 (colored) next main 1.3 (colored) to selected 1.1.2.1 (colored)
update from HEAD
Revision 1.15.2.1 / (download) - annotate - [select for diffs], Fri Apr 21 16:54:05 2017 UTC (6 years, 11 months ago) by bouyer
Branch: bouyer-socketcan
Changes since 1.15: +4 -3
lines
Diff to previous 1.15 (colored) next main 1.16 (colored) to selected 1.1.2.1 (colored)
Sync with HEAD
Revision 1.12.8.2 / (download) - annotate - [select for diffs], Mon Mar 20 06:57:50 2017 UTC (7 years, 1 month ago) by pgoyette
Branch: pgoyette-localcount
Changes since 1.12.8.1: +4 -3
lines
Diff to previous 1.12.8.1 (colored) to branchpoint 1.12 (colored) next main 1.13 (colored) to selected 1.1.2.1 (colored)
Sync with HEAD
Revision 1.12.4.1 / (download) - annotate - [select for diffs], Sun Feb 5 13:40:58 2017 UTC (7 years, 2 months ago) by skrll
Branch: nick-nhusb
Changes since 1.12: +44 -32
lines
Diff to previous 1.12 (colored) next main 1.13 (colored) to selected 1.1.2.1 (colored)
Sync with HEAD
Revision 1.16 / (download) - annotate - [select for diffs], Sun Jan 29 00:15:54 2017 UTC (7 years, 2 months ago) by christos
Branch: MAIN
CVS Tags: tls-maxphys-base-20171202,
prg-localcount2-base3,
prg-localcount2-base2,
prg-localcount2-base1,
prg-localcount2-base,
prg-localcount2,
phil-wifi-base,
pgoyette-localcount-20170426,
pgoyette-localcount-20170320,
pgoyette-compat-base,
pgoyette-compat-0906,
pgoyette-compat-0728,
pgoyette-compat-0625,
pgoyette-compat-0521,
pgoyette-compat-0502,
pgoyette-compat-0422,
pgoyette-compat-0415,
pgoyette-compat-0407,
pgoyette-compat-0330,
pgoyette-compat-0322,
pgoyette-compat-0315,
perseant-stdc-iso10646-base,
perseant-stdc-iso10646,
nick-nhusb-base-20170825,
nick-nhusb-base-20170204,
netbsd-8-base,
netbsd-8-2-RELEASE,
netbsd-8-1-RELEASE,
netbsd-8-1-RC1,
netbsd-8-0-RELEASE,
netbsd-8-0-RC2,
netbsd-8-0-RC1,
netbsd-8,
matt-nb8-mediatek-base,
matt-nb8-mediatek,
jdolecek-ncq-base,
jdolecek-ncq,
bouyer-socketcan-base1
Branch point for: phil-wifi,
pgoyette-compat
Changes since 1.15: +4 -3
lines
Diff to previous 1.15 (colored) to selected 1.1.2.1 (colored)
- Increase copyin buffer size to 4M - Change log output format to be like the OpenBSD's pf including in the header the matching rule etc, and fill in the matching info.
Revision 1.12.8.1 / (download) - annotate - [select for diffs], Sat Jan 7 08:56:50 2017 UTC (7 years, 3 months ago) by pgoyette
Branch: pgoyette-localcount
Changes since 1.12: +41 -30
lines
Diff to previous 1.12 (colored) to selected 1.1.2.1 (colored)
Sync with HEAD. (Note that most of these changes are simply $NetBSD$ tag issues.)
Revision 1.15 / (download) - annotate - [select for diffs], Wed Dec 28 21:55:04 2016 UTC (7 years, 3 months ago) by christos
Branch: MAIN
CVS Tags: pgoyette-localcount-20170107,
bouyer-socketcan-base
Branch point for: bouyer-socketcan
Changes since 1.14: +10 -1
lines
Diff to previous 1.14 (colored) to selected 1.1.2.1 (colored)
export rprocs too so we don't lose them.
Revision 1.14 / (download) - annotate - [select for diffs], Mon Dec 26 23:05:06 2016 UTC (7 years, 3 months ago) by christos
Branch: MAIN
Changes since 1.13: +29 -29
lines
Diff to previous 1.13 (colored) to selected 1.1.2.1 (colored)
Sync NPF with the version on github: backport standalone NPF changes, which allow us to create and run separate NPF instances. Minor fixes. (from rmind@)
Revision 1.13 / (download) - annotate - [select for diffs], Sat Dec 10 19:02:18 2016 UTC (7 years, 4 months ago) by christos
Branch: MAIN
Changes since 1.12: +3 -1
lines
Diff to previous 1.12 (colored) to selected 1.1.2.1 (colored)
Add missing extcalls array. This is currently a no-op, but this is what userland does too. Allows npfctl save; npfctl load to work again.
Revision 1.2.4.4 / (download) - annotate - [select for diffs], Wed Aug 20 00:04:35 2014 UTC (9 years, 8 months ago) by tls
Branch: tls-maxphys
Changes since 1.2.4.3: +26 -6
lines
Diff to previous 1.2.4.3 (colored) to branchpoint 1.2 (colored) to selected 1.1.2.1 (colored)
Rebase to HEAD as of a few days ago.
Revision 1.12 / (download) - annotate - [select for diffs], Mon Aug 11 01:54:12 2014 UTC (9 years, 8 months ago) by rmind
Branch: MAIN
CVS Tags: tls-maxphys-base,
pgoyette-localcount-base,
pgoyette-localcount-20161104,
pgoyette-localcount-20160806,
pgoyette-localcount-20160726,
nick-nhusb-base-20161204,
nick-nhusb-base-20161004,
nick-nhusb-base-20160907,
nick-nhusb-base-20160529,
nick-nhusb-base-20160422,
nick-nhusb-base-20160319,
nick-nhusb-base-20151226,
nick-nhusb-base-20150921,
nick-nhusb-base-20150606,
nick-nhusb-base-20150406,
nick-nhusb-base,
netbsd-7-nhusb-base-20170116,
netbsd-7-nhusb-base,
netbsd-7-nhusb,
netbsd-7-base,
netbsd-7-2-RELEASE,
netbsd-7-1-RELEASE,
netbsd-7-1-RC2,
netbsd-7-1-RC1,
netbsd-7-1-2-RELEASE,
netbsd-7-1-1-RELEASE,
netbsd-7-1,
netbsd-7-0-RELEASE,
netbsd-7-0-RC3,
netbsd-7-0-RC2,
netbsd-7-0-RC1,
netbsd-7-0-2-RELEASE,
netbsd-7-0-1-RELEASE,
netbsd-7-0,
netbsd-7,
localcount-20160914
Branch point for: pgoyette-localcount,
nick-nhusb
Changes since 1.11: +17 -1
lines
Diff to previous 1.11 (colored) to selected 1.1.2.1 (colored)
NPF: finish up the rework of npfctl_save() mechanism.
Revision 1.9.10.1 / (download) - annotate - [select for diffs], Sun Aug 10 06:56:16 2014 UTC (9 years, 8 months ago) by tls
Branch: tls-earlyentropy
Changes since 1.9: +11 -7
lines
Diff to previous 1.9 (colored) next main 1.10 (colored) to selected 1.1.2.1 (colored)
Rebase.
Revision 1.11 / (download) - annotate - [select for diffs], Sun Jul 20 00:37:41 2014 UTC (9 years, 9 months ago) by rmind
Branch: MAIN
CVS Tags: tls-earlyentropy-base
Changes since 1.10: +6 -6
lines
Diff to previous 1.10 (colored) to selected 1.1.2.1 (colored)
NPF: add nbuf_t * into npf_cache_t and remove unnecessary carrying by argument.
Revision 1.2.2.5 / (download) - annotate - [select for diffs], Thu May 22 11:41:09 2014 UTC (9 years, 11 months ago) by yamt
Branch: yamt-pagecache
Changes since 1.2.2.4: +84 -12
lines
Diff to previous 1.2.2.4 (colored) to branchpoint 1.2 (colored) next main 1.3 (colored) to selected 1.1.2.1 (colored)
sync with head.
for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.
this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
Revision 1.10 / (download) - annotate - [select for diffs], Mon May 19 18:45:51 2014 UTC (9 years, 11 months ago) by jakllsch
Branch: MAIN
Changes since 1.9: +7 -3
lines
Diff to previous 1.9 (colored) to selected 1.1.2.1 (colored)
Add ability to have mbufs disappear (to another interface) during npf_rproc_run(). For upcoming npf_ext_route extension. Guidance and ok by rmind@.
Revision 1.2.4.3 / (download) - annotate - [select for diffs], Sun Jun 23 06:20:25 2013 UTC (10 years, 9 months ago) by tls
Branch: tls-maxphys
Changes since 1.2.4.2: +26 -7
lines
Diff to previous 1.2.4.2 (colored) to branchpoint 1.2 (colored) to selected 1.1.2.1 (colored)
resync from head
Revision 1.9 / (download) - annotate - [select for diffs], Mon Mar 11 01:56:37 2013 UTC (11 years, 1 month ago) by christos
Branch: MAIN
CVS Tags: yamt-pagecache-base9,
rmind-smpnet-nbase,
rmind-smpnet-base,
rmind-smpnet,
riastradh-xf86-video-intel-2-7-1-pre-2-21-15,
riastradh-drm2-base3,
riastradh-drm2-base2,
riastradh-drm2-base1,
riastradh-drm2-base,
riastradh-drm2,
khorben-n900,
agc-symver-base,
agc-symver
Branch point for: tls-earlyentropy
Changes since 1.8: +8 -8
lines
Diff to previous 1.8 (colored) to selected 1.1.2.1 (colored)
prevent the lookup function from autoloading recursively.
Revision 1.8 / (download) - annotate - [select for diffs], Mon Mar 11 01:43:50 2013 UTC (11 years, 1 month ago) by christos
Branch: MAIN
Changes since 1.7: +22 -16
lines
Diff to previous 1.7 (colored) to selected 1.1.2.1 (colored)
move the module loading in the correct place.
Revision 1.7 / (download) - annotate - [select for diffs], Sun Mar 10 20:51:44 2013 UTC (11 years, 1 month ago) by christos
Branch: MAIN
Changes since 1.6: +15 -2
lines
Diff to previous 1.6 (colored) to selected 1.1.2.1 (colored)
Split the npflog cloner and auto-load the extensions.
Revision 1.2.4.2 / (download) - annotate - [select for diffs], Mon Feb 25 00:30:03 2013 UTC (11 years, 1 month ago) by tls
Branch: tls-maxphys
Changes since 1.2.4.1: +64 -6
lines
Diff to previous 1.2.4.1 (colored) to branchpoint 1.2 (colored) to selected 1.1.2.1 (colored)
resync with head
Revision 1.1.2.4 / (download) - annotate - [select for diffs], Mon Feb 11 21:49:48 2013 UTC (11 years, 2 months ago) by riz
Branch: netbsd-6
CVS Tags: netbsd-6-1-RELEASE,
netbsd-6-1-RC4,
netbsd-6-1-RC3,
netbsd-6-1-RC2,
netbsd-6-1-RC1,
netbsd-6-1-5-RELEASE,
netbsd-6-1-4-RELEASE,
netbsd-6-1-3-RELEASE,
netbsd-6-1-2-RELEASE,
netbsd-6-1-1-RELEASE,
netbsd-6-1
Changes since 1.1.2.3: +59 -6
lines
Diff to previous 1.1.2.3 (colored) to branchpoint 1.1 (colored) next main 1.2 (colored) to selected 1.1.2.1 (colored)
Pull up following revision(s) (requested by rmind in ticket #817): usr.sbin/npf/npfctl/npfctl.8: revision 1.12 usr.sbin/npf/npfctl/npf.conf.5: revision 1.27 usr.sbin/npf/npfctl/npf_parse.y: revision 1.18 usr.sbin/npf/npfctl/npf_build.c: revision 1.20 usr.sbin/npf/npfctl/npfctl.c: revision 1.28 lib/libnpf/npf.c: revision 1.16 usr.sbin/npf/npfctl/npfctl.c: revision 1.29 lib/libnpf/npf.c: revision 1.17 sys/modules/npf/Makefile: revision 1.12 sys/net/npf/npf_rproc.c: revision 1.6 usr.sbin/npf/npftest/README: revision 1.4 sys/net/npf/npf_tableset.c: revision 1.17 sys/net/npf/npf_ctl.c: revision 1.21 sys/net/npf/npf_ctl.c: revision 1.22 usr.sbin/npf/npfctl/npfctl.h: revision 1.25 lib/libnpf/npf.h: revision 1.13 usr.sbin/npf/npftest/npftest.conf: revision 1.2 usr.sbin/npf/npfctl/npfctl.h: revision 1.26 sys/net/npf/npf_ruleset.c: revision 1.17 lib/libnpf/npf.h: revision 1.14 sys/net/npf/npf_ruleset.c: revision 1.18 sys/net/npf/npf_conf.c: revision 1.1 usr.sbin/npf/npfctl/npf_scan.l: revision 1.10 sys/net/npf/npf_conf.c: revision 1.2 sys/net/npf/npf_instr.c: revision 1.16 sys/net/npf/npf_handler.c: revision 1.26 sys/net/npf/npf_impl.h: revision 1.26 usr.sbin/npf/npfctl/npf_disassemble.c: revision 1.14 sys/net/npf/npf_processor.c: revision 1.15 sys/net/npf/npf_impl.h: revision 1.27 sys/net/npf/npf_alg_icmp.c: revision 1.15 usr.sbin/npf/npfctl/npf_disassemble.c: revision 1.15 usr.sbin/npf/npfctl/npf_disassemble.c: revision 1.16 sys/net/npf/npf_ncode.h: revision 1.11 sys/net/npf/files.npf: revision 1.10 usr.sbin/npf/npftest/Makefile: revision 1.4 usr.sbin/npf/npfctl/npfctl.c: revision 1.30 lib/libnpf/npf.3: revision 1.8 usr.sbin/npf/npftest/libnpftest/npf_rule_test.c: revision 1.4 sys/net/npf/npf_session.c: revision 1.21 usr.sbin/npf/npftest/libnpftest/npf_rule_test.c: revision 1.5 usr.sbin/npf/npfctl/npf_build.c: revision 1.18 usr.sbin/npf/npfctl/npf_build.c: revision 1.19 sys/net/npf/npf_alg.c: revision 1.7 usr.sbin/npf/npfctl/Makefile: revision 1.10 sys/net/npf/npf_inet.c: revision 1.21 sys/net/npf/npf.h: revision 1.26 sys/net/npf/npf.h: revision 1.27 usr.sbin/pf/ftp-proxy/Makefile: revision 1.8 sys/net/npf/npf_nat.c: revision 1.19 sys/net/npf/npf.c: revision 1.15 sys/net/npf/npf_state.c: revision 1.14 sys/net/npf/npf_sendpkt.c: revision 1.14 sys/rump/net/lib/libnpf/Makefile: revision 1.4 IPv6 linklocal address printing cosmetics NPF: - Implement dynamic NPF rules. Controlled through npf(3) library of via npfctl rule command. A rule can be removed using a unique identifier, returned on addition, or using a key which is SHA1 hash of the rule. Adjust npftest and add a regression test. - Improvements to rule inspection mechanism. - Initial BPF support as an alternative to n-code. - Minor fixes; bump the version. Disable -DWITH_NPF for now; will be converted to BPF mechanism. - Fix NPF config reload with dynamic rules present. - Implement list and flush commands on a dynamic ruleset. Allow filtering on IP addresses even if the L4 protocol is unknown. Patch from spz@. npftest: adjust for recent change.
Revision 1.6 / (download) - annotate - [select for diffs], Sat Feb 9 03:35:32 2013 UTC (11 years, 2 months ago) by rmind
Branch: MAIN
Changes since 1.5: +59 -6
lines
Diff to previous 1.5 (colored) to selected 1.1.2.1 (colored)
NPF: - Implement dynamic NPF rules. Controlled through npf(3) library of via npfctl rule command. A rule can be removed using a unique identifier, returned on addition, or using a key which is SHA1 hash of the rule. Adjust npftest and add a regression test. - Improvements to rule inspection mechanism. - Initial BPF support as an alternative to n-code. - Minor fixes; bump the version.
Revision 1.1.2.3 / (download) - annotate - [select for diffs], Fri Feb 8 19:18:09 2013 UTC (11 years, 2 months ago) by riz
Branch: netbsd-6
Changes since 1.1.2.2: +6 -1
lines
Diff to previous 1.1.2.2 (colored) to branchpoint 1.1 (colored) to selected 1.1.2.1 (colored)
Pull up following revision(s) (requested by rmind in ticket #777): usr.sbin/npf/npfctl/npfctl.c: revision 1.27 sys/net/npf/npf_session.c: revision 1.19 usr.sbin/npf/npftest/libnpftest/npf_mbuf_subr.c: revision 1.4 sys/net/npf/npf_rproc.c: revision 1.5 usr.sbin/npf/npftest/README: revision 1.3 sys/sys/mbuf.h: revision 1.151 sys/net/npf/npf_ruleset.c: revision 1.15 usr.sbin/npf/npftest/libnpftest/npf_nbuf_test.c: revision 1.3 sys/net/npf/npf_ruleset.c: revision 1.16 usr.sbin/npf/npftest/libnpftest/npf_state_test.c: revision 1.4 usr.sbin/npf/npftest/libnpftest/npf_nbuf_test.c: revision 1.4 sys/net/npf/npf_inet.c: revision 1.19 sys/net/npf/npf_instr.c: revision 1.15 sys/net/npf/npf_handler.c: revision 1.24 sys/net/npf/npf_handler.c: revision 1.25 sys/net/npf/npf_state_tcp.c: revision 1.12 sys/net/npf/npf_processor.c: revision 1.13 sys/net/npf/npf_impl.h: revision 1.25 sys/net/npf/npf_processor.c: revision 1.14 sys/net/npf/npf_mbuf.c: revision 1.10 sys/net/npf/npf_alg_icmp.c: revision 1.14 sys/net/npf/npf_mbuf.c: revision 1.9 usr.sbin/npf/npftest/libnpftest/npf_nat_test.c: revision 1.2 usr.sbin/npf/npftest/libnpftest/npf_rule_test.c: revision 1.3 sys/net/npf/npf_session.c: revision 1.20 sys/net/npf/npf_alg.c: revision 1.6 sys/kern/uipc_mbuf.c: revision 1.148 sys/net/npf/npf_inet.c: revision 1.20 sys/net/npf/npf.h: revision 1.25 sys/net/npf/npf_nat.c: revision 1.18 sys/net/npf/npf_state.c: revision 1.13 sys/net/npf/npf_sendpkt.c: revision 1.13 sys/net/npf/npf_ext_log.c: revision 1.2 usr.sbin/npf/npftest/libnpftest/npf_processor_test.c: revision 1.4 sys/net/npf/npf_ext_normalise.c: revision 1.2 - Rework NPF's nbuf interface: use advancing and ensuring as a main method. Eliminate unnecessary copy and simplify. Adapt regression tests. - Simplify ICMP ALG a little. While here, handle ICMP ECHO for traceroute. - Minor fixes, misc cleanup. Silence gcc in npf_recache(). Add m_ensure_contig() routine, which is equivalent to m_pullup, but does not destroy the mbuf chain on failure (it is kept valid). - nbuf_ensure_contig: rework to use m_ensure_contig(9), which will not free the mbuf chain on failure. Fixes some corner cases. Improve regression test and sprinkle some asserts. - npf_reassembly: clear nbuf on IPv6 reassembly failure path (partial fix). The problem was found and fix provided by Anthony Mallet.
Revision 1.2.2.4 / (download) - annotate - [select for diffs], Wed Jan 23 00:06:25 2013 UTC (11 years, 2 months ago) by yamt
Branch: yamt-pagecache
CVS Tags: yamt-pagecache-tag8
Changes since 1.2.2.3: +6 -1
lines
Diff to previous 1.2.2.3 (colored) to branchpoint 1.2 (colored) to selected 1.1.2.1 (colored)
sync with head
Revision 1.5 / (download) - annotate - [select for diffs], Sun Jan 20 18:45:56 2013 UTC (11 years, 3 months ago) by rmind
Branch: MAIN
CVS Tags: yamt-pagecache-base8
Changes since 1.4: +6 -1
lines
Diff to previous 1.4 (colored) to selected 1.1.2.1 (colored)
- nbuf_ensure_contig: rework to use m_ensure_contig(9), which will not free the mbuf chain on failure. Fixes some corner cases. Improve regression test and sprinkle some asserts. - npf_reassembly: clear nbuf on IPv6 reassembly failure path (partial fix). The problem was found and fix provided by Anthony Mallet.
Revision 1.2.4.1 / (download) - annotate - [select for diffs], Tue Nov 20 03:02:47 2012 UTC (11 years, 5 months ago) by tls
Branch: tls-maxphys
Changes since 1.2: +187 -44
lines
Diff to previous 1.2 (colored) to selected 1.1.2.1 (colored)
Resync to 2012-11-19 00:00:00 UTC
Revision 1.1.2.2 / (download) - annotate - [select for diffs], Sun Nov 18 22:38:25 2012 UTC (11 years, 5 months ago) by riz
Branch: netbsd-6
Changes since 1.1.2.1: +187 -44
lines
Diff to previous 1.1.2.1 (colored) to branchpoint 1.1 (colored)
Pull up following revision(s) (requested by rmind in ticket #693): lib/npf/ext_normalise/shlib_version: revision 1.1 lib/libnpf/npf.c: revision 1.13 distrib/sets/lists/modules/mi: revision 1.48 sys/net/npf/npf_rproc.c: revision 1.3 sys/net/npf/npf_rproc.c: revision 1.4 sys/modules/npf/Makefile: revision 1.11 usr.sbin/npf/npfctl/npfctl.h: revision 1.20 lib/npf/ext_log/npfext_log.c: revision 1.1 lib/libnpf/npf.h: revision 1.11 sys/net/npf/npf_inet.c: revision 1.17 sys/net/npf/npf_log.c: file removal sys/net/npf/npf_handler.c: revision 1.22 distrib/sets/lists/base/shl.mi: revision 1.636 sys/net/npf/npf_impl.h: revision 1.23 usr.sbin/npf/npfctl/Makefile: revision 1.8 lib/npf/Makefile: revision 1.1 lib/npf/ext_log/shlib_version: revision 1.1 lib/Makefile: revision 1.189 distrib/sets/lists/comp/shl.mi: revision 1.236 usr.sbin/npf/npfctl/npf_build.c: revision 1.14 distrib/sets/lists/base/mi: revision 1.1007 usr.sbin/npf/npfctl/npf_scan.l: revision 1.6 distrib/sets/lists/base/mi: revision 1.1009 sys/net/npf/npf.h: revision 1.21 lib/npf/ext_normalise/npfext_normalise.c: revision 1.1 etc/mtree/NetBSD.dist.base: revision 1.105 lib/libnpf/Makefile: revision 1.3 etc/mtree/NetBSD.dist.base: revision 1.106 usr.sbin/npf/npfctl/npf_extmod.c: revision 1.1 sys/net/npf/npf_ctl.c: revision 1.18 lib/npf/ext_log/Makefile: revision 1.1 distrib/sets/lists/comp/mi: revision 1.1781 usr.sbin/npf/npfctl/npf_var.h: revision 1.4 sys/net/npf/npf.c: revision 1.13 sys/modules/Makefile: revision 1.111 sys/net/npf/npf_ext_log.c: revision 1.1 lib/npf/Makefile.inc: revision 1.1 sys/net/npf/npf_ext_normalise.c: revision 1.1 sys/net/npf/files.npf: revision 1.8 sys/rump/net/lib/libnpf/Makefile: revision 1.2 sys/modules/npf_ext_log/Makefile: revision 1.1 lib/npf/ext_normalise/Makefile: revision 1.1 usr.sbin/npf/npfctl/npfctl.c: revision 1.20 usr.sbin/npf/npfctl/npf_parse.y: revision 1.13 sys/modules/npf_ext_normalise/Makefile: revision 1.1 Implement dynamic NPF extensions interface. An extension consists of dynamically loaded module (.so) supplementing npfctl(8) and a kernel module. Move normalisation and logging functionality into their own extensions. More improvements to come. Add /usr/lib/npf. Add ./usr/libdata/debug/usr/lib/npf for rmind Fix MKDEBUG set lists ext_ops does not change during the life cycle and can be fetched without the mutex held. This avoids confusion in the compiler about an uninitialized variable ext_ops. ok rmind@
Revision 1.2.2.3 / (download) - annotate - [select for diffs], Tue Oct 30 17:22:44 2012 UTC (11 years, 5 months ago) by yamt
Branch: yamt-pagecache
Changes since 1.2.2.2: +187 -44
lines
Diff to previous 1.2.2.2 (colored) to branchpoint 1.2 (colored) to selected 1.1.2.1 (colored)
sync with head
Revision 1.4 / (download) - annotate - [select for diffs], Wed Oct 3 12:24:56 2012 UTC (11 years, 6 months ago) by mlelstv
Branch: MAIN
CVS Tags: yamt-pagecache-base7,
yamt-pagecache-base6
Changes since 1.3: +5 -3
lines
Diff to previous 1.3 (colored) to selected 1.1.2.1 (colored)
ext_ops does not change during the life cycle and can be fetched without the mutex held. This avoids confusion in the compiler about an uninitialized variable ext_ops. ok rmind@
Revision 1.3 / (download) - annotate - [select for diffs], Sun Sep 16 13:47:41 2012 UTC (11 years, 7 months ago) by rmind
Branch: MAIN
Changes since 1.2: +185 -44
lines
Diff to previous 1.2 (colored) to selected 1.1.2.1 (colored)
Implement dynamic NPF extensions interface. An extension consists of dynamically loaded module (.so) supplementing npfctl(8) and a kernel module. Move normalisation and logging functionality into their own extensions. More improvements to come.
Revision 1.2.2.2 / (download) - annotate - [select for diffs], Tue Apr 17 00:08:39 2012 UTC (12 years ago) by yamt
Branch: yamt-pagecache
Changes since 1.2.2.1: +132 -0
lines
Diff to previous 1.2.2.1 (colored) to branchpoint 1.2 (colored) to selected 1.1.2.1 (colored)
sync with head
Revision 1.1.2.1 / (download) - annotate - [selected], Tue Apr 3 17:22:52 2012 UTC (12 years ago) by riz
Branch: netbsd-6
CVS Tags: netbsd-6-0-RELEASE,
netbsd-6-0-RC2,
netbsd-6-0-RC1,
netbsd-6-0-6-RELEASE,
netbsd-6-0-5-RELEASE,
netbsd-6-0-4-RELEASE,
netbsd-6-0-3-RELEASE,
netbsd-6-0-2-RELEASE,
netbsd-6-0-1-RELEASE,
netbsd-6-0,
matt-nb6-plus-nbase,
matt-nb6-plus-base,
matt-nb6-plus
Changes since 1.1: +3 -4
lines
Diff to previous 1.1 (colored)
Pull up following revision(s) (requested by rmind in ticket #158):
sys/net/npf/npf_session.c: revision 1.12
sys/net/npf/npf_tableset.c: revision 1.10
sys/net/npf/npf_rproc.c: revision 1.2
usr.sbin/npf/npfctl/npf_parse.y: revision 1.4
sys/net/npf/npf_inet.c: revision 1.11
sys/net/npf/npf.h: revision 1.15
usr.sbin/npf/npfctl/npf_build.c: revision 1.5
sys/net/npf/npf_ruleset.c: revision 1.11
sys/net/npf/npf_instr.c: revision 1.10
usr.sbin/npf/npfctl/Makefile: revision 1.6
sys/net/npf/npf_processor.c: revision 1.10
sys/net/npf/npf_log.c: revision 1.3
lib/libnpf/npf.h: revision 1.7
sys/net/npf/npf_alg.c: revision 1.3
sys/net/npf/npf_sendpkt.c: revision 1.9
lib/libnpf/npf.c: revision 1.8
usr.sbin/npf/npfctl/npfctl.h: revision 1.13
sys/net/npf/npf_ctl.c: revision 1.13
usr.sbin/npf/npfctl/npf_ncgen.c: revision 1.8
sys/net/npf/npf_ctl.c: revision 1.14
sys/net/npf/npf_nat.c: revision 1.11
sys/net/npf/npf_nat.c: revision 1.12
sys/net/npf/npf_impl.h: revision 1.11
usr.sbin/npf/npfctl/npf_disassemble.c: revision 1.1
sys/net/npf/npf_impl.h: revision 1.12
usr.sbin/npf/npfctl/npf_disassemble.c: revision 1.2
sys/net/npf/npf_handler.c: revision 1.14
usr.sbin/npf/npfctl/npf_disassemble.c: revision 1.3
sys/net/npf/npf_handler.c: revision 1.15
sys/net/npf/npf_ncode.h: revision 1.6
sys/net/npf/npf.c: revision 1.8
sys/net/npf/npf.c: revision 1.9
sys/net/npf/npf_alg_icmp.c: revision 1.9
sys/net/npf/npf_session.c: revision 1.11
- Add NPF_DECISION_BLOCK and NPF_DECISION_PASS. Be more defensive in the
packet handler. Change the default policy to block when the config is
loaded and set it to pass when flush operation is performed.
- Use kmem_zalloc(9) instead of kmem_alloc(9) in few places.
- npf_rproc_{create,release}: use kmem_intr_{alloc,free} as the destruction
of rule procedure might happen in the interrupt handler (under a very rare
condition, if config reload races with the handler).
- npf_session_establish: check whether layer 3 and 4 are cached.
- npfctl_build_group: do not make groups as passing rules.
- Remove some unecessary header inclusion.
Simplify slightly: merge iface into addr_or_iface, use it in filt_addr.
Add a small disassembler.
definitions used by the disassembler.
- better printing of type/code flags/mask
- pass the instruction start pointer, instead of subtracting 1 to account for it
- Save active config in proplib dictionary; add GETCONF ioctl to retrieve.
- Few fixes. Improve some comments.
don't leak the branch target array.
Add NPF config retrieval routines.
Revision 1.1.4.3 / (download) - annotate - [select for diffs], Fri Feb 24 09:11:49 2012 UTC (12 years, 1 month ago) by mrg
Branch: jmcneill-usbmp
Changes since 1.1.4.2: +4 -5
lines
Diff to previous 1.1.4.2 (colored) to branchpoint 1.1 (colored) next main 1.2 (colored) to selected 1.1.2.1 (colored)
sync to -current.
Revision 1.2.2.1, Mon Feb 20 00:18:20 2012 UTC (12 years, 2 months ago) by yamt
Branch: yamt-pagecache
Changes since 1.2: +0 -132
lines
FILE REMOVED
file npf_rproc.c was added on branch yamt-pagecache on 2012-04-17 00:08:39 +0000
Revision 1.2 / (download) - annotate - [select for diffs], Mon Feb 20 00:18:20 2012 UTC (12 years, 2 months ago) by rmind
Branch: MAIN
CVS Tags: yamt-pagecache-base5,
yamt-pagecache-base4,
jmcneill-usbmp-base9,
jmcneill-usbmp-base8,
jmcneill-usbmp-base7,
jmcneill-usbmp-base6,
jmcneill-usbmp-base5,
jmcneill-usbmp-base4,
jmcneill-usbmp-base3,
jmcneill-usbmp-base10
Branch point for: yamt-pagecache,
tls-maxphys
Changes since 1.1: +4 -5
lines
Diff to previous 1.1 (colored) to selected 1.1.2.1 (colored)
- Add NPF_DECISION_BLOCK and NPF_DECISION_PASS. Be more defensive in the
packet handler. Change the default policy to block when the config is
loaded and set it to pass when flush operation is performed.
- Use kmem_zalloc(9) instead of kmem_alloc(9) in few places.
- npf_rproc_{create,release}: use kmem_intr_{alloc,free} as the destruction
of rule procedure might happen in the interrupt handler (under a very rare
condition, if config reload races with the handler).
- npf_session_establish: check whether layer 3 and 4 are cached.
- npfctl_build_group: do not make groups as passing rules.
- Remove some unecessary header inclusion.
Revision 1.1.4.2 / (download) - annotate - [select for diffs], Sat Feb 18 07:35:38 2012 UTC (12 years, 2 months ago) by mrg
Branch: jmcneill-usbmp
Changes since 1.1.4.1: +133 -0
lines
Diff to previous 1.1.4.1 (colored) to branchpoint 1.1 (colored) to selected 1.1.2.1 (colored)
merge to -current.
Revision 1.1.4.1, Mon Feb 6 23:30:14 2012 UTC (12 years, 2 months ago) by mrg
Branch: jmcneill-usbmp
Changes since 1.1: +0 -133
lines
FILE REMOVED
file npf_rproc.c was added on branch jmcneill-usbmp on 2012-02-18 07:35:38 +0000
Revision 1.1 / (download) - annotate - [select for diffs], Mon Feb 6 23:30:14 2012 UTC (12 years, 2 months ago) by rmind
Branch: MAIN
CVS Tags: netbsd-6-base,
jmcneill-usbmp-base2
Branch point for: netbsd-6,
jmcneill-usbmp
Diff to selected 1.1.2.1 (colored)
- Split NPF rule procedure code into a separate module (no functional changes). - Simplify some code, add more comments, some asserts. - G/C unused rule hook code.